package me.spring.cloud.components.starter.oauth2.backend.configuration;

import me.spring.cloud.components.starter.oauth2.backend.entrypoint.Oauth2ExceptionEntryPoint;
import me.spring.cloud.components.starter.oauth2.backend.handler.Oauth2AccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

/**
 * @author luffy
 **/
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

  @Autowired
  private LogoutHandler logoutHandler;

  @Autowired
  private LogoutSuccessHandler logoutSuccessHandler;

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .authorizeRequests().antMatchers("/v2/api-docs").permitAll()
        .anyRequest().authenticated()
        .and().logout().logoutUrl("/oauth/logout")
        .addLogoutHandler(logoutHandler)
        .logoutSuccessHandler(logoutSuccessHandler)
        .deleteCookies("JSESSIONID", "FP-UID")
        .invalidateHttpSession(true);
  }

  @Override
  public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    resources.authenticationEntryPoint(new Oauth2ExceptionEntryPoint())
        .accessDeniedHandler(new Oauth2AccessDeniedHandler());
  }
}
